Firms scramble to get their data collection policies in compliance with GDPR

The European data privacy regulations kick in on May 25

You may have been noticing a lot of companies and websites notifying you of changes to their privacy policies and terms of service as of late. This is especially true for those living in Europe. At first glance, it may appear companies are afraid of running into the same trouble Facebook has been contending with for the last several weeks. To a certain extent, this is somewhat true. Firms certainly have a reason to fear potential government regulation and oversight.

However, a large part of what is driving the current wave of notices and opt-in requests is government regulation.

You may have heard of Europe’s General Data Protection Regulation (GDPR), which goes into effect on May 25. The new rules require businesses to obtain consent from Europeans before they are allowed to use or collect their personal information, especially when using it for advertising. The storing of personal data will also be restricted to a finite period, and users may request deletion of their information at any time.

Airbnb, LinkedIn, Instagram, Twitter, Google, and many others have all updated their policies to comply with GDPR and have issued emails to inform users and allow them to opt-in to services. While European consumers are the only demographic protected by these provisions, CNN reports several companies are choosing to have only one set of rules rather than having certain guidelines for Europe and other standards for everywhere else.

While it may seem relatively straightforward to change internal data collection policies, there is a significant financial impact that comes with the revisions. Many companies rely on data collected from users to gain ad revenue, which in turn allows them to offer their services for free. Since the new regs will enable users to delete their data as they please, companies stand to lose billions in marketing income.

Mark Thompson, a lead privacy advisor at KPMG said companies are getting ready for a tsunami of deletion requests. Some companies will have it better than others. “If you are a large investment bank, it could be five requests a week. If you are a large retail bank, it could be 500 a day,” Thompson said.

Other companies will simply not be able to comply due to associated costs.

“I've been with a number of Global 100 boards, and they are not going to be compliant,” he said. “They've spent multiple, multiple millions [of dollars], some in excess of a hundred million so far.”

While those concerned with their privacy may be applauding government regulation of the online services they use, they need to keep in mind that it is a double-edged sword.

On one hand, they can feel secure knowing they have more control over their data. On the other hand, less revenue for their favorite services means the possibility of facing subscription fees for said services. Where they were previously paying for membership with their data, they may soon be paying with their wallet.